{"id":"CVE-2025-71151","summary":"cifs: Fix memory and information leak in smb3_reconfigure()","details":"In the Linux kernel, the following vulnerability has been resolved:\n\ncifs: Fix memory and information leak in smb3_reconfigure()\n\nIn smb3_reconfigure(), if smb3_sync_session_ctx_passwords() fails, the\nfunction returns immediately without freeing and erasing the newly\nallocated new_password and new_password2. This causes both a memory leak\nand a potential information leak.\n\nFix this by calling kfree_sensitive() on both password buffers before\nreturning in this error case.","modified":"2026-03-20T12:46:39.133119Z","published":"2026-01-23T14:15:17.916Z","database_specific":{"cna_assigner":"Linux","osv_generated_from":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/71xxx/CVE-2025-71151.json"},"references":[{"type":"WEB","url":"https://git.kernel.org/stable/c/5679cc90bb5415801fa29041da0319d9e15d295d"},{"type":"WEB","url":"https://git.kernel.org/stable/c/bb82aaee16907dc4d0b9b0ca7953ceb3edc328c6"},{"type":"WEB","url":"https://git.kernel.org/stable/c/bc390b2737205163e48cc1655f6a0c8cd55b02fc"},{"type":"WEB","url":"https://git.kernel.org/stable/c/cb6d5aa9c0f10074f1ad056c3e2278ad2cc7ec8d"},{"type":"ADVISORY","url":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/71xxx/CVE-2025-71151.json"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2025-71151"},{"type":"PACKAGE","url":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","events":[{"introduced":"880a661e67648a3ffe85405e8de5f50650a3c0b2"},{"fixed":"bc390b2737205163e48cc1655f6a0c8cd55b02fc"}]},{"type":"GIT","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","events":[{"introduced":"0e4145774c016530bf99afb3675a1a0593c35642"},{"fixed":"5679cc90bb5415801fa29041da0319d9e15d295d"}]},{"type":"GIT","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","events":[{"introduced":"0f0e357902957fba28ed31bde0d6921c6bd1485d"},{"fixed":"bb82aaee16907dc4d0b9b0ca7953ceb3edc328c6"},{"fixed":"cb6d5aa9c0f10074f1ad056c3e2278ad2cc7ec8d"}]},{"type":"GIT","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","events":[{"introduced":"0"},{"last_affected":"674ba43944dab8e8f87434e25d9d10c5152584bc"}]}],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2025-71151.json"}}],"schema_version":"1.7.5"}